Ensure that encryption is enabled for your AWS DocumentDB (with MongoDB compatibility) clusters for additional data security and to meet compliance requirements for data-at-rest encryption. The encrypted data includes your DocumentDB cluster's data, indexes, logs, replicas and snapshots. The DocumentDB service handles data encryption and decryption transparently, with minimal impact on cluster performance.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
The encryption feature available for Amazon DocumentDB clusters provides an additional layer of data protection by helping secure your data against unauthorized access to the underlying storage.
To determine if your AWS DocumentDB clusters have data-at-rest encryption enabled, perform the following actions:
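One way to run this check, as an added example that is not part of the original rule page or the Conformity tool: the function below evaluates a response shaped like the output of `aws docdb describe-db-clusters` and reports every DocumentDB cluster whose `StorageEncrypted` flag is not true. The sample response, cluster names and key ARN are constructed; in a live audit the input would come from `boto3.client("docdb").describe_db_clusters()`.

```python
import json

# Constructed sample shaped like `aws docdb describe-db-clusters` output.
# Cluster identifiers and the KMS key ARN are made up for illustration.
SAMPLE_RESPONSE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "orders-docdb", "Engine": "docdb",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"DBClusterIdentifier": "legacy-docdb", "Engine": "docdb",
   "StorageEncrypted": false},
  {"DBClusterIdentifier": "reports-aurora", "Engine": "aurora-mysql",
   "StorageEncrypted": false},
  {"DBClusterIdentifier": "odd-docdb", "Engine": "docdb"}
]}
""")


def audit_docdb_encryption(response):
    """Return one finding per DocumentDB cluster in the response."""
    findings = []
    for cluster in response.get("DBClusters", []):
        # The docdb API can list clusters of other engines (RDS, Neptune),
        # so anything that is not DocumentDB is out of scope for this rule.
        if cluster.get("Engine") != "docdb":
            continue
        # Fail closed: a missing flag is treated as "not encrypted".
        encrypted = cluster.get("StorageEncrypted") is True
        findings.append({
            "cluster": cluster.get("DBClusterIdentifier", "<unknown>"),
            "encrypted": encrypted,
            "kms_key": cluster.get("KmsKeyId") if encrypted else None,
            "status": "PASS" if encrypted else "FAIL",
        })
    return findings


def unencrypted_clusters(response):
    """Sorted identifiers of DocumentDB clusters that fail the rule."""
    return sorted(f["cluster"] for f in audit_docdb_encryption(response)
                  if not f["encrypted"])


if __name__ == "__main__":
    for finding in audit_docdb_encryption(SAMPLE_RESPONSE):
        print(f'{finding["status"]}  {finding["cluster"]}  '
              f'key={finding["kms_key"]}')
```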
Remediation / Resolution
To enable data-at-rest encryption for your existing Amazon DocumentDB clusters, perform the following actions:
You are auditing:
DocumentDB Encryption Enabled
Risk level: High